Package: debian-policy Version: 4.1.1.1 Severity: wishlist Hello, this is in the category of "It should be obvious to anybody but I'd prefer things are well-defined in case anybody wishes to start an argument over that". So rather nitpicking. Version number re-usage happens, probably always by accident. In the past, before the advent of slugs to mark security uploads and the like, this was more likely to happen, and a long time ago my src:file package was affected by that as well[1]. Unfortunately, there was such an event even in 2017, see #876633. Such re-usage is fairly annoying: * It breaks a reasonable assumption about the features provided by a package installed in a given version. * It breaks caching proxies that rely on the uniqueness for performance i.e. no re-validation with upstream required. Also, proxies might retain packages for longer than they exist on a mirror. So I'd like to suggest an addition to "3.2. The version of a package", for clarification, wording in the simplest form: | For any package, a version number must never be re-used. What I'd like to express but I guess is a bit too long: | Unless bitwise identical, no two files that share the base name and | have a version number in it may exist anywhere in the archives, ever. Also, this is rather file-system based. But it should serve the first purpose as well: If a package in a given version is installed on two systems, the same feature set is provided on both without a doubt. A few explanations: * As it says, it's about *all* files that have a version number in the name, source and binary packages, upstream tarballs, *.dsc, *.diff.*, *.debian.tar.* and anything else. * Files without a version number in the name like package indexes and documentation are considered volatile anyway. * Moving files around without modification is acceptable and also daily routine: Between the queues, also from security to -proposed-updates * By archive I think about the Debian files served by ftp.debian.org, security.debian.org, ftp.ports.debian.org and probably a few, rather semi-official more. Perhaps "archive" isn't the best word for this. As always about policy, I'm interested about the idea but don't stick to a particular wording. Feel free to improve as I'm also not a native speaker. Also I feel a temptation to implement an according check in the auto-reject machinery at ftp-master. But that's for another day. Regards, Christoph [1] Examples: * Completely different http://snapshot.debian.org/package/file/4.17-5etch2/ * Duplicate on .dsc only (different signature, how did *that* ever happen?): http://snapshot.debian.org/package/file/5.04-5%2Bsqueeze2/ PS: Aside, I like the new presentation format of the policy document as seen in </usr/share/doc/debian-policy/policy-1.html>. Improved visual, policy version number at the very beginning, maintainer script flowcharts, upgrading checklist included, but no additional and dangerous requirements for using the document (i.e. works fine without JavaScript). Much appreciated.
Attachment:
signature.asc
Description: Digital signature